# Exploit Title: Curfew e-Pass Management System 1.0 - Stored XSS # Date: 2/1/2021# Exploit Author: Arnav Tripathy# Vendor Homepage: https://phpgurukul.com# Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/# Version: 1.0# Tested on: Windows 10/Wamp1) Log into the application
2) Click on pass then click add a pass3) Put <script>alert(1)</script>in the Full name parameter , rest all fill whatever you want.4) Now go to manage passes, view the pass you just created.5) You'll get popup of alert
